Privacy Policy
Last updated: 2026-05-01
TL;DR
JobFill is a local-first Chrome extension. Your profile, resumes, and API keys live only in your browser's local storage. The extension has no backend and collects no analytics or telemetry. The only outbound network calls happen when you click Draft with AI or Test connection — and those calls go directly to the AI provider you configured, using your own API key.
What is stored on your device
The extension stores the following in chrome.storage.local on your machine:
- Your profile: name, email, phone, links, location, work history, education, work-authorization answers, and any optional EEO answers you choose to enter.
- Resume files you upload, with the tags you assign them.
- Saved snippets you author for reuse.
- Your AI provider choice, model name, and API key.
None of this is transmitted to any server operated by JobFill. There is no JobFill server. You can export everything via Options → Data → Export all data, or wipe everything via Clear all data.
What is transmitted, and when
The extension makes outbound network requests only in response to your action, and only to the endpoint you configured:
| You click | What is sent | Where it goes |
|---|---|---|
| Draft with AI | Your profile summary, the question text, and the visible job-posting context from the active page. | The AI provider you configured (OpenAI, Anthropic, or a compatible endpoint), authenticated with your API key. |
| Test connection | A short test prompt. | Same: your configured AI provider, with your API key. |
| Autofill form / Attach resume | Nothing leaves your device. The extension reads the active tab's form and writes values from local storage into it. | — |
Each AI provider has its own privacy policy, retention rules, and training-data settings. You should read theirs before sending anything sensitive: OpenAI, Anthropic, or your custom endpoint's documentation.
What we do not do
- No analytics, no telemetry, no usage tracking.
- No remote configuration, no remote code execution.
- No accounts, no logins, no licensing servers.
- No data sold or shared with third parties.
- No advertising.
Why each Chrome permission is requested
| Permission | Why |
|---|---|
storage |
To save your profile, resumes, snippets, and API key in chrome.storage.local. |
activeTab |
To read the active job application page when you open the popup or click an action, so the extension can detect the form and fill it. |
scripting |
To inject the autofill logic into the active tab when you click Autofill in the popup. |
| Host permissions for Greenhouse, Lever, Workday domains | So the content script can run on application forms hosted at those origins to detect fields, populate them, and attach your resume. |
Host permissions for api.openai.com and api.anthropic.com |
So the extension can call those APIs only when you click Draft with AI or Test connection. |
Data retention and deletion
Because everything is stored locally in your browser, deleting the extension removes the data with it. You can also clear it at any time from Options → Data → Clear all data, or selectively remove individual resumes and profile fields from the options page.
Children
JobFill is not directed at children under 13 and is not intended for their use.
Changes to this policy
If this policy changes, the Last updated date above will change. Substantive changes — for example, the introduction of any kind of telemetry — will be highlighted in the extension's release notes before they take effect.
Contact
Questions about this policy or the extension's privacy behavior: open an issue on the project's repository, or contact the maintainer through the email listed on the Chrome Web Store listing.